#45162: bash @4.3.25: Vulnerable to code execution in environment variables (CVE-2014-7169) ------------------------+---------------------- Reporter: kost.hc@… | Owner: raimue@… Type: defect | Status: assigned Priority: High | Milestone: Component: ports | Version: 2.3.1 Resolution: | Keywords: Port: bash | ------------------------+---------------------- Comment (by cal@…): The official fix in patchlevel 26 is the same as in Debian's `CVE-2014-7169.diff`. I've attached a patch that updates the port and also ports Debian's patches. I'll leave it up to you to decide whether you also want Debian's patches or just upstream's fix. I've verified that function exports work after this patch. When they get exported into environment variables, they are prefixed with `BASH_FUNC_` and suffixed with `()`. -- Ticket URL: <https://trac.macports.org/ticket/45162#comment:8> MacPorts <http://www.macports.org/> Ports system for OS X